Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: a controller configured to control a turbine system; a data repository configured to store a first mapping data structure that associates an application certificate to a user identity and to store a second mapping data structure that associates the user identity to a user privilege; and an Object Linking and Embedding for Process Control (OPC) Unified Architecture (UA) server communicatively coupled to the controller, wherein the OPC UA server is configured to: receive the application certificate from an OPC UA client; determine the user identity of the OPC UA client using the first mapping data structure; determine the user privilege granted the OPC UA client using the second mapping data structure; and provide the OPC UA client access to the controller based on the user privilege to enable the OPC UA client to instruct the controller to perform control actions on the turbine system.
2. The system of claim 1, wherein the OPC UA server is configured to input the application certificate into the first mapping data structure to determine the user identity of the OPC UA client and to input the user identity of the OPC UA client into the second mapping data structure to determine the user privilege granted the OPC UA client.
3. The system of claim 1, wherein the application certificate is a certificate object.
4. The system of claim 1, wherein the OPC UA server is configured to transmit a server certificate to the OPC UA client, and the OPC UA client is configured to authenticate the OPC UA server by using the server certificate.
5. The system of claim 1, comprising a trusted store, wherein the OPC UA server is configured to authenticate the OPC UA client by using the application certificate and the trusted store.
6. The system of claim 5, wherein the trusted store comprises a certificate store with an OPC UA overlay.
7. The system of claim 1, comprising an application certificate mapping (ACM) system configured to create the first and the second mappings.
8. The system of claim 7, wherein the ACM system comprises a user-to-application certificate mapping screen configured to create the first mapping by visually associating the user identity to the application certificate.
9. The system of claim 7, wherein the ACM system comprises a user-to-user privilege mapping screen configured to create the second mapping by visually associating the user identity to the user privilege.
10. The system of claim 1, wherein the controller is a triple modular redundancy (TMR) controller.
11. The system of claim 10, wherein the turbine system comprises a gas turbine system, a steam turbine system, a wind turbine system, a water turbine system, or any combination thereof.
12. A method comprising: creating, using an application certificate management system, a first mapping data structure configured to associate an application certificate to a user identity; creating, using the application certificate management system, a second mapping data structure configured to associate the user identity to a user privilege; receiving the application certificate from an Object Linking and Embedding for Process Control (OPC) Unified Architecture (UA) client at an OPC UA server in a turbine system; verifying, using the OPC UA server, that the application certificate is stored in a trusted store; when the application certificate is stored in the trusted store: determining, using the OPC UA server, the user identity of the OPC UA client using the first mapping data structure; determining, using the OPC UA server, the user privilege granted the OPC UA client using the second mapping data structure; and enabling, using the OPC UA server, the OPC UA client to perform control actions in the turbine system by providing access to a controller configured to control the turbine system based on the user privilege.
13. The method of claim 12, wherein determining the user identity of the OPC UA client comprises inputting the application certificate into the first mapping data structure, and determining the user privilege granted the OPC UA client comprises inputting the user identity into the second mapping data structure.
14. The method of claim 12, wherein the user privilege corresponds to a method call made to the turbine system by the OPC UA client.
15. The method of claim 12, comprising displaying a visual representation of the first mapping data structure and a visual representation of the second mapping data structure on a graphical user interface (GUI).
16. The method of claim 12, wherein the application certificate is a certificate object.
17. A tangible, non-transitory, computer-readable medium storing a plurality of instructions executable by a processor of a turbine system, the instructions comprising instructions to: create a first mapping data structure, wherein the first map is configured to associate a user identity to an application certificate; create a second mapping data structure, wherein the second map is configured to associate the user identity to a user privilege; receive the application certificate from an Object Linking and Embedding for Process Control (OPC) Unified Architecture (UA) client requesting access to the turbine system; determine the user identity of the OPC UA client using the first mapping data structure; determine the user privilege granted the OPC UA client using the second mapping data structure; and enable the OPC UA client to perform control actions in the turbine system via a controller configured to control the turbine system, wherein the OPC UA client is provided access to the controller based on the user privilege granted the OPC UA client.
18. The medium of claim 17, wherein the user privilege is included in at least one user role associated with the OPC UA client.
19. The medium of claim 17, comprising instructions to display a visual representation of the first mapping data structure and a visual representation of the second mapping data structure on a graphical user interface (GUI).
20. The medium of claim 17, wherein the application certificate is a certificate object.
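As an added illustration, not code from the patent or its assignee, the following Python models the authorization flow of claims 12 through 14: a trusted-store check first, then the certificate-to-identity and identity-to-privilege lookups, with the OPC UA method name standing in for the privilege as claim 14 describes. Certificate bytes, user names and method names are constructed placeholders, and the lookup keys on a SHA-256 thumbprint rather than raw certificate bytes, which is an implementation choice the claims do not specify.

```python
import hashlib

# Constructed stand-ins for DER-encoded application certificates (not real certificates).
OPERATOR_CERT = b"constructed-der:operator-client"
ENGINEER_CERT = b"constructed-der:engineer-client"
STRANGER_CERT = b"constructed-der:never-enrolled-client"
ORPHAN_CERT = b"constructed-der:trusted-but-unmapped-client"


def fingerprint(cert_der: bytes) -> str:
    """Key every table by a SHA-256 thumbprint of the certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()


class CertificateMappedAuthz:
    """Trusted store -> first mapping (cert to user) -> second mapping (user to privileges)."""

    def __init__(self, trusted_store, cert_to_user, user_to_privs):
        self.trusted_store = {fingerprint(c) for c in trusted_store}
        self.cert_to_user = {fingerprint(c): u for c, u in cert_to_user.items()}
        self.user_to_privs = {u: frozenset(p) for u, p in user_to_privs.items()}

    def authorize(self, cert_der: bytes, method: str):
        """Return (allowed, reason); every missing link in the chain denies by default."""
        fp = fingerprint(cert_der)
        if fp not in self.trusted_store:
            return False, "application certificate not in trusted store"
        user = self.cert_to_user.get(fp)
        if user is None:
            return False, "trusted certificate has no user identity mapping"
        privs = self.user_to_privs.get(user, frozenset())
        if method not in privs:
            return False, f"user {user} lacks privilege for method {method}"
        return True, f"user {user} may call {method}"


def build_demo():
    """Constructed tables: an operator who may only read, an engineer who may also start."""
    return CertificateMappedAuthz(
        trusted_store=[OPERATOR_CERT, ENGINEER_CERT, ORPHAN_CERT],
        cert_to_user={OPERATOR_CERT: "operator-alice", ENGINEER_CERT: "engineer-bob"},
        user_to_privs={"operator-alice": {"ReadStatus"},
                       "engineer-bob": {"ReadStatus", "StartTurbine"}},
    )


if __name__ == "__main__":
    authz = build_demo()
    for cert, method in [(STRANGER_CERT, "ReadStatus"), (ORPHAN_CERT, "ReadStatus"),
                         (OPERATOR_CERT, "StartTurbine"), (ENGINEER_CERT, "StartTurbine")]:
        print(authz.authorize(cert, method))
```

The trusted-but-unmapped case is the one worth testing in a real deployment: a certificate that passes the trust check but has no identity binding must still be refused, otherwise the second mapping is bypassed.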
March 31, 2015